Google
 

Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 24th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2018 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk



Please visit the sponsor!
Please visit the sponsor!

The race to secure your computer

17 January 2018

There's an extremely important race going on right now.

It's a race to secure almost every single computer on the planet against hacking attacks that allow evil little sods and state-funded actors to rape your system of valuable data such as passwords and other sensitive information.

This race has come about due to the discovery of several critical vulnerabilities in most of the common CPUs manufactured over the past decade or so.

Black-hats are doubtlessly toiling away day and night to perfect exploits that will leverage these vulnerabilities to gain access to almost any computer they want -- while researchers are valiantly (but not successfully) trying to come up with ways to mitigate these vulnerabilities in a way that won't cripple those computers.

It really is a battle of good versus evil.

Unfortunately, it's still not clear who's going to win.

Why am I skeptical?

Well it seems that in the rush to get these patches out, manufacturers have encountered quite a few instances where they either impose a huge performance hit or the target system simply stops working.

Tech site arstechnica is reporting that the patches have created problems with drivers and microcode execution resulting in unstable operation. To this end, Intel has recommended that people stop installing the microcode updates it has released for some processor families.

For its part, Microsoft's patches have caused issue with anti-virus software and a number of industrial systems have had issues as a result of the patch for the Meltdown bug.

Microsoft's patch for AMD systems was withdrawn after it rendered some computers unable to boot.

Meanwhile, researchers have demonstrated "proof of concept" exploits that can be launched via Javascript -- something that might make it possible for any website to start plucking passwords, cookies and other confidential bits of critical data from your system if you are unfortunate enough to land on one of their pages.

There are no reports of actual attacks using these new CPU vulnerabilities but we all know that it's now just a matter of time.

I shudder to think of the implications if the blackhats are able to develop widespread exploits before Intel and the other CPU manufacturers have solid, robust, effective patches in place.

While all this is going on, I hark back to my own strategy for boosting security...

I believe that everyone should have a machine they set aside for websurfing. This machine should never be used for anything critical such as online banking. The purpose of this computer is simply to allow you to visit websites without fear of being hacked, hit by ransomware or otherwise attacked. You do not use this machine to store important data or visit important trusted websites.

If the worst happens, this machine can be wiped and reinstalled without breaking a sweat or losing a thing.

All that important and sensitive stuff is done on another machine which is kept fully patched and is only used for off-line tasks and for visiting the very few "trusted" websites that require security. Online banking and other activities can be performed on this machine and it is connected to the Net on an "as needed" basis. What's more, you run ad-blocking software, do not install Flash and never visit unknown and untrusted sites on this hardware.

Okay, my strategy isn't 100% guaranteed to protect you from being hit but it can significantly reduce your exposure and the amount of damage that a hit could create.

With old PCs costing virtually nothing and running very well on Linux, that "surfing" machine won't cost you much and you can even get a cheap burner phone if mobile is your chosen Net-access tool.

And, before you say "but I just run a VM", have you read this? Even virtual machines are no guarantee of safety.

Right now I'm wondering exactly how most people and businesses will cope if the black-hats get a powerful exploit out and it becomes widely distributed before the CPU and OS makers have time to properly address the vulnerability.

The big problem many small online enterprises will face is not on their own systems but on that used by their web-hosting companies. The Spectre and Meltdown bugs effectively remove the walls between websites on shared servers, potentially allowing anyone with the right code to gain access to some key data on those sites.

Could this effectively bring the Net to its knees, at least for the purposes of commerce and personal banking?

Who's worried and what are you doing to try and manage the very real risk?

Please visit the sponsor!
Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column


Rank This Aardvark Page

 

Change Font

Sci-Tech headlines

 


Features:

Beware The Alternative Energy Scammers

The Great "Run Your Car On Water" Scam

 

Recent Columns

A *billion* dollar idea
As I mentioned in my last column, Google has now equipped its Chrome browser with the ability to defeat the worst in aggressive advertising formats on the Web...

Chrome anti-competitive?
Google's Chrome browser now has a feature that will reportedly stop 97 percent of all those really annoying ads from interrupting your browsing experience...

What ever happened to fuel cells?
Electric vehicles are set to become the next big thing...

Can you sense the frustration?
When the current CEO of the South Waikato District Council took up his position several years ago, I invited him to my studio-workshop to discuss how I could help promote the district he now managed...

Is now a good time to wait?
I ran a CPU benchmark on my video rendering machine last night and was gobsmacked at how much slower it is than "state of the art" silicon...

Beyond a joke
Yes, today's column is another of those boring gripes about CAA and drones...

Plastic, a bigger threat than climate change?
A regular reader sent me an email the other day containing a link to a worrying report that everyone should read...

Babies versus boosters, no contest
Yesterday was a fantastic day for any geek, space enthusiast or anyone who has the heart and imagination of a little boy...

Are you a dim-bulb?
The term "dim-bulb" is frequently used to denote someone of lower cerebral performance. A dunce, a person of lower intelligence, someone of sub-average IQ...

The *real* reason for trade deals?
You have to wonder why there has been so much emphasis on striking trade deals between NZ and a raft of other countries...

Tokoroa, EV-central?
An interesting debate is taking place here in Tokoroa...